-----------------------------------------------------------------
-- wireshark分析udp sample协议插件
-- 将自定义协议以可读的方式展示在wireshark中
-----------------------------------------------------------------

-- Protocol object that owns the header fields and the dissector defined below.
local my_proto = Proto("udp-sample", "udp sample protocol", "udp sample protocol")

-- UDP port the protocol is bound to, and the table that maps UDP ports to dissectors.
local my_port = 11110
local udp_table = DissectorTable.get("udp.port")

-- Fields shown in the packet tree: a 16-bit and a 32-bit unsigned integer,
-- both rendered in decimal, followed by a string.
-- NOTE(review): the first argument of each ProtoField is its display-filter
-- name; "Version", "ID" and "Buffer" carry no protocol prefix, so confirm they
-- do not clash with fields registered by other plugins.
local versionField = ProtoField.uint16("Version", "Version", base.DEC)
local idField = ProtoField.uint32("ID", "ID", base.DEC)
local stringField = ProtoField.string("Buffer", "Buffer")

my_proto.fields = {
    versionField,
    idField,
    stringField,
}

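--- Dissector for the UDP sample protocol.
-- Layout as decoded here: a 2-byte Version, a 4-byte ID, then a string of
-- which at most 1024 bytes are displayed.
-- The payload comes straight off the wire, so every range is checked against
-- the captured length before it is taken: an out-of-range buffer(offset, n)
-- raises a Lua error instead of producing a tree item, which the original
-- fixed 1024-byte range did for any payload shorter than 1030 bytes.
-- @param buffer Tvb holding the UDP payload
-- @param pinfo  Pinfo of the packet; its protocol column is overwritten
-- @param tree   TreeItem the protocol subtree is attached to
-- @return 0 when the payload is shorter than the fixed header, leaving the
--         packet undecoded by this dissector; otherwise nothing
function my_proto.dissector(buffer, pinfo, tree)
    local HEADER_LEN = 6          -- Version (2 bytes) + ID (4 bytes)
    local MAX_STRING_LEN = 1024   -- display cap kept from the original code

    local len = buffer:len()
    if len < HEADER_LEN then
        -- Too short to hold the header: reject before touching the columns or
        -- the tree, so a runt or unrelated datagram is not mislabelled.
        return 0
    end

    pinfo.cols.protocol:set("udp-sample")

    local myProtoTree = tree:add(my_proto, buffer(0, len), "udp sample protocol")
    local offset = 0

    myProtoTree:add(versionField, buffer(offset, 2))
    offset = offset + 2

    myProtoTree:add(idField, buffer(offset, 4))
    offset = offset + 4

    -- Show only the bytes that are really present, capped at MAX_STRING_LEN.
    local remaining = len - offset
    if remaining > 0 then
        myProtoTree:add(stringField, buffer(offset, math.min(remaining, MAX_STRING_LEN)))
    end
end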

-- Register the protocol with Wireshark: my_proto is added to the "udp.port"
-- dissector table under my_port.
-- The binding is by port number only, so the dissector is handed whatever UDP
-- payload appears on that port, whether or not it is really this protocol.
udp_table:add(my_port, my_proto)
